Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2022-23001 CVE-2022-23002 CVE-2022-23003 CVE-2022-23004 |
CWE-ID | CWE-682 CWE-703 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Sweet B Universal components / Libraries / Libraries used by multiple products |
Vendor | Western Digital |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU65994
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23001
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect choice of sign bit when compressing or decompressing elliptic curve points. A remote attacker can cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSweet B: v1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65995
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23002
CWE-ID:
CWE-703 - Improper Check or Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the resulting output is not properly reduced modulo the P-256 field prime and is invalid when compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSweet B: v1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65996
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23003
CWE-ID:
CWE-703 - Improper Check or Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the resulting output is not properly reduced modulo the P-256 field prime and is invalid when computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSweet B: v1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65997
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23004
CWE-ID:
CWE-703 - Improper Check or Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists when computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSweet B: v1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.